Apple Risks Following Google as Europe Leads Privacy Probes

Regulators in Germany, France and Italy said last week they are checking whether Apple’s iPhone and iPad products violate privacy rules by tracking, storing and sharing data about the locations of users. Photographer: Chris Ratcliffe/Bloomberg

April 28 (Bloomberg) -- Apple Inc. may face greater
scrutiny in the European Union than the U.S. as regulators
investigate possible data-privacy lapses betraying the location
of iPhone and iPad users.

The Apple probes in Europe echo similar inquiries that have
dogged Google Inc. over wireless Internet data collected by its
Street View service, said Nick Graham, head of the London
Internet and data protection group of law firm SNR Denton.

“Issues that may not look terribly serious in the U.S. can
have much greater significance and seriousness here in Europe,
as Google has found out in connection with the WiFi,” said
Graham. “There is this tension between the U.S. rules which are
much narrower and the EU rules which are much broader.”

Regulators in Germany, France and Italy said last week they
are checking whether Apple’s iPhone and iPad products violate
privacy rules by tracking, storing and sharing data about the
locations of users. Irish officials are also examining “a
number of complaints about this issue,” Diarmuid Hallinan, a
spokesman for the country’s data protection commissioner, said
in an e-mail today.

U.S. lawmakers this week sent letters to six companies,
including Apple and Google to determine how location data is
stored on mobile device systems and how it’s transmitted.

The investigations followed a report by O’Reilly Radar, a
website owned by Sebastopol, California-based publisher O’Reilly
Media. It said Apple devices log latitude-longitude coordinates
along with the time of visits to locations across the globe.

Apple, based in Cupertino, California, said yesterday it
isn’t tracking the users’ location and plans to reduce the
amount of data the iPhone stores.

‘Never’

“Apple is not tracking the location of your iPhone,” the
company said in a statement. “Apple has never done so and has
no plans to ever do so.”

It said the iPhone saves information on WiFi hotspots and
cellular towers near a handset’s current location, which helps
the phone determine its location when needed by the user.

Data protection has been a thorn in the side of U.S.
technology companies in Europe. While Google has been targeted
by regulators across the EU for its Street View program, the
U.S. Federal Trade Commission dropped a probe last October after
the world’s biggest Internet search company said it would
improve privacy safeguards.

‘Big Brands’

“Sometimes the regulators in Europe will go for big brands
like Google, and Apple is a big brand,” said Graham. “It will
be perceived as a brand that should be demonstrating greater
privacy compliance because of its market position.”

Google was fined 100,000 euros ($147,000) in France last
month for violating the country’s privacy rules. Dutch watchdogs
on April 19 gave the company three months to inform users about
private data collected via WiFi by its Street View cars.

Apple has “seen what happened with Street View, they’re
not just going to go ahead and ask afterwards whether it was
OK,” said Carsten Casper, research director at Gartner Research
in Berlin. The more Apple and Google “mature and the bigger and
commercially successful they become, the more they’re getting
scrutinized.”

Any tracking technology has to be “proportionate” and
allow “users to give consent,” said Matthew Newman, a
spokesman for EU Justice Commissioner Viviane Reding. The issue
will be tackled in proposals for an overhaul of the EU’s 16-year-old data-protection rules later this year, he said.

The U.K. Information Commissioner’s Office said while it’s
aware “of the existing concerns” it won’t contact Apple about
this issue.

‘Fleeting Moment’

Users should be informed if their handsets collect data on
their location “for more than just a fleeting moment,” Lysette
Rutgers, a spokeswoman for the Dutch data protection agency,
said in an e-mail.

Operating-system developers “must not assume that the user
implicitly agrees with the storage of his data on the device,”
Rutgers said, declining to comment on specific investigations.

Google, based in Mountain View, California, said all
location-sharing on phones based on its Android software
requires an opt-in from the user.

“We provide users with notice and control over the
collection, sharing and use of location in order to provide a
better mobile experience on Android devices,” said Google
spokesman Ollie Rickman in an e-mail.

Even where a U.S. company says data is anonymous, it may
still breach EU rules, depending on how the scope of personal
data is defined, Graham said.

‘Sent Anonymously’

“The most important thing may be to prove that the data is
being sent anonymously,” said Jeff Fidacaro, an analyst at
Susquehanna Financial Group in New York. “It’s going to be
interesting to see how this plays out.”

Separately, the U.K. and Irish information watchdogs said
they will investigate the hacking of Sony Corp.’s PlayStation
Network after the company warned 77 million customers may have
had their personal data stolen.

The Irish Office of the Data Protection Commissioner said
it asked Sony for a report on the breaches. The U.K. Information
Commissioner’s Office will make additional enquiries before
deciding whether to take further action, the regulator said
yesterday.